Apple iOS update to block mobile forensics

Disables USB port after a week of device remaining locked.

Apple will make it harder for police and government agencies to unlock iPhones and iPads in the next version of its iOS mobile operating system.

Computer forensics company Elcomsoft analysed the new features in Apple's upcoming iOS 11.4, which introduces a USB Restricted Mode feature.

This disables data connections over the iPhone and iPad Lightning port (which provides USB functionality), if the device has not been unlocked successfully within seven days.

Elcomsoft tested the new feature and found that after a week of no unlocking, "the Lightning port is only good for charging".

With USB Restricted Mode enabled, the iDevice can no longer be paired to computers or accessories, without entering the correct passcode or Touch ID / Face ID biometric.

The new iOS security feature "is aimed squarely at law enforcement." Elcomsoft wrote.

It is believed Apple introduced USB Restricted Mode as a countermeasure against iPhone unlocking via the Lightning port such as GreyShift's GreyKey - which is used by United States police forces - and in-house services from Cellebrite.

Although the exact workings of GreyKey and Cellebrite's techniques are yet to be revealed, it is thought that they use a file extracted from computers known as the lockdown record.

With the lockdown record file, it is possible to extract iTunes format data backups from the devices that have not been powered down or rebooted.

The lockdown record also allows retrieval of pictures and videos, lists of installed apps, and general device information, Elcomsoft said.

Apple has tightened the use of lockdown records in recent iOS 11 releases, including expiring them in seven days.

Police and government agencies wanting to extract data from an iPhone would now have to ensure that the device is kept powered on to obtain a non-expired lockdown record, and attempt to unlock the device within seven days.

"[Now] if the phone is delivered [to the unlocking service] in a powered-off state, and the passcode is not known, the chance of extraction is slim at best," Elcomsoft said.

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.Your use of this website
constitutes acceptance of nextmedia's Privacy Policy and
Terms & Conditions.